Skip to main content
CVE-2024-27632 HIGH POC This Week

An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Savane
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2024-3466 HIGH POC This Week

A vulnerability was found in SourceCodester Laundry Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Laundry Shop Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-24279 HIGH POC This Week

An issue in secdiskapp 1.5.1 (management program for NewQ Fingerprint Encryption Super Speed Flash Disk) allows attackers to gain escalated privileges via vsVerifyPassword and vsSetFingerPrintPower. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Secdiskapp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-3442 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Prison Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-3441 HIGH POC This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Prison Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-31814 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 allows attackers to bypass login through the Form_Login function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
8.6%
CVE-2024-31809 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-31808 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the webWlanIdx parameter in the setWebWlanIdx function. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ex200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-28066 HIGH POC This Week

In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 6940W Firmware 6930W Firmware 6920W Firmware 6970 Firmware +10
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-31811 HIGH POC This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the langType parameter in the setLanguageCfg function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ex200 Firmware
NVD GitHub
CVSS 3.1
8.0
EPSS
1.0%
CVE-2024-27630 HIGH POC This Week

Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Savane
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-28732 HIGH POC This Week

An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ryu
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-31817 HIGH POC THREAT This Week

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
55.3%
CVE-2024-3440 HIGH POC This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2024-3436 HIGH POC This Week

A vulnerability was found in SourceCodester Prison Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Prison Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2024-31442 HIGH PATCH This Week

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Roblox Purchasing Hub
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-28744 HIGH This Week

The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-2834 HIGH This Week

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
8.7
EPSS
0.5%
CVE-2024-31813 HIGH This Week

TOTOLINK EX200 V4.0.3c.7646_B20201211 does not contain an authentication mechanism by default. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ex200 Firmware
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2024-0082 HIGH This Week

NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Nvidia Microsoft Chatrtx
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2024-28270 HIGH This Week

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-26574 HIGH This Week

Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Filmora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-23084 HIGH This Week

Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apfloat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2024-23085 HIGH This Week

Apfloat v1.10.1 was discovered to contain a NullPointerException via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int[]). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Apfloat
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-31816 HIGH This Week

In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getEasyWizardCfg. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ex200 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2024-27897 HIGH This Week

Input verification vulnerability in the call module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-27896 HIGH This Week

Input verification vulnerability in the log module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-27895 HIGH This Week

Vulnerability of permission control in the window module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy